Security – Page 9 – Maverisk / Étoiles du Nord

A parachute to your Dutch granny budget

If you have no clue about the title, read on.
It’s about a Dutch ‘granny bike’. And about your bosses’ golden parachutes. And how to get budget for the ~~playthings~~ bare minimum tools you require.

First off: the biker part. Note that this has unsurpassably been written up here. On how crappy banger bikes, are locked with supremo but ridiculously expensive gear and how this out-of-all-proportion control-cost still makes sense. Reading is believing.
Second: These days, FUD is Real; à la the “Either you’ve been hacked or will be, soon” line and including the ever bigger transparency in the press. With a warning of impeding disaster for all your remotely involved (even if by negligence — wait did I write ‘if’ ..?) bosses and their tenure, as these days, too, a great many including CEOs get fired / are forced to quit / commit seppuko almost, when <youknowwhat> hits the fan and always runs downstream, hence getting a lot of you superiors their golden parachute. Their mileage may vary, but the threat finally (…!) is a believable one. Either they believe (wrongly) to be able to escape the gauntlet anyway but should then, officially, care about the parachutes’ cost to the company and take that as a clue about the (tenfold++) reputational damage to the company, or … they aim to take the money and run and go on disastering elsewhere, leaving said reputational damage and parachute costs to the laggerds left behind — you inform the odd superior here and there that their colleagues/peers are about to pull their leg and leave the sweeping up of the damage to the stayers.
Summing up to: At the cost side, the rationale is such that the ceiling of any of your proposals takes off to, at last, suitable levels. At the benefits side (cost-avoidance), suddenly the decision makers’ personal interest is there.

Combined, this should as written suffice to finally get sufficient budget for the ~~playthings~~ bare minimum tools you require. Or what.

I tell you what: The above even now may still not make sense to the … [expletive censored] bosses above you. Plus:

[Harmless sea beggars on the Dutch coast; Bloemendaal]

Angst is not temporary

Struck me while going through, near the finish, Graeber’s Utopia of Rules, that the fear for the Unknown What to be Feared that keeps so many captured in Bureaucratia and will defend it and stupidify themselves to such utter stooping levels just by being harrassed into Fear of Anything Else,

is in the end a reason par excellence to venture forth with contracted staff.

Not the other way around, where one still hires unknown qualities, with similar or ex ante already less excellent staff [the truly excellent trust their qualities to survive whereas those shooting for perm contracts, don’t by definition] and then you’re stuck with them.

But straightforward, with staff that has the balls (F/M/~) to do the job, needs no fall-back security through the layoff premiums [hey, if you’d want to fire the perms, you can but at a modest cost], and moves away when they see their talent better deployed elsewhere [hm, a risk to you, to lose your best hires — or you keep them motivated…] or you both do that.

When put into a cost-benefit analysis , it plays out just as well.
Hiring costs: Better on the Temp side; Management/oversight/control/coordination costs: Better on the Temp side (! they’ll manage themselves thank you); Straight paycheck costs: Better on the Temp side! Yes indeed, when compared to fully-loaded super-grossed Perm rates that include all social benefits, schooling, &c. &c.

Just ditch the middle extortionist men.

So, follow your Angst and hire me… Plus:

[Changing the views, improves them…; question: Where?]

DoS Internals

No, no typo. Not DOS Internals or so. Rather, internal DoS attacks.

Are they tractable? [Uhh, that may sound like they’d be positive things to be able to do — sorry, just hinting at “technical feasibility” here]

Yes they are. Stuxnet was the prime example. Something similar would be tractable once one is (somewhat) on the inside, I guess. Like, an APT exploring the internal networks for topology, infecting routers along the way, and then blowing them up all, all at once, with megazillion tons of traffic, internally generated. Denying (internal) network services to all. Or even bricking routers with e.g., flash-ROM attacks. Feasible.

The same, with surreptitious tweaks of kernel scheduling processes, Stux style. Or, there, too, diving deep into and under the virtualisation layers and bricking the core BOISsen and other Level 0 / 1 server software. Overflowing disks with random data (be sure to buffer tons, so restarts / re-mounts will not help too easily).

Hmmm, once one starts thinking about it, the possibilities are huge. Maybe some nationstate party/ies has some arsenal out there in the wild already. Think yesterday’s post; on its own or in combo with Elections, whose interests where?

Oh whatever … plus:

[A hole in your servers’/routers’ “floatation” capabilities will sink your infra; Baltimore]

Did / Did Not (Know Who Did)

Anyone still have an overview of where we (?) stand qua attribution of “cyber” attacks [ #ditchcyber, of course ] ..?? Apart from this…

There’s so much development in attribution with or without proof, e.g., about hacking elections in some outer corner of the world’s population; was it truly hacks, was it some nation state, was it some scapegoat hackster, was it all a set-up, where are Wikileaks, Anonymous, [fill in your favourite Four Horsemen party and colour the pictures] … the possibilities are endless.

But there are indeed flashes like this and this, which spark some controversy whilst blurring the overall picture. And we’d want unblurred pics of hotel room showers oh wait not I.
And what with all the tools out there (remember, the FBI’s stash stolen and now on fire sale for 99% off the previous list price, right?), planting others’ fingerprints and DNA, so to speak (no, literally ..!), and have pictures and videos even that are near-indistinguishable from proof; what evidence if any is still admissible in courts? None …!? So, what attribution …!?

When others talk about “controlling the cyber battlefield” (no, not the FBI but the extraterritorial agency), isn’t there a protracted “cyber” [ #ditchcyber ] world war under way already ..? Just not as hot as the previous one, more like the Cold one, schlepping on ..?

Just accept all Peace For Our Time‘s … and:

[The SocMed approach: Look! Moose babies!]

Walking away from your desk

This, re yesterday’s post that was in some vincinity (though with quite some distance to spare…) of ranting about bureaucratic stupidity being a pleonasm.
By means of a pic, with:

A Bureacrat certainly designed this. The ejection seat would to a bureaucrat mean the danger of you escaping from the post you were supposed to hold no matter what — since in the bureacratic only thinkable scenario, nothing would ever happen or you’re unfortunate collateral loss but hey, the System continues to perform.
For all others (the handful, the few good men), the ejection seat is apparently surrounded by just that danger, and to be used to escape from from that immediate and urgent, life-threatening danger of death by utter boredom, by sitting still. Noting that the rig that the sign is on, invariably is one made for dangerous action, not for danger evasion… Ships are safe in harbour but that’s not what ships are for; kites [your check] so much, much less so!

Which side are you on; the sit-stillers’ or the Action Men’s ..?

Hoodies are off

Truly, we have arrived in a distopian world when crime fighters go after the petty ‘criminals’ only — if there were any bigger catches, the headlines would be flooded and as we hardly ever see that, this is the best for the fighters that they can brag about ..?
I mean, have a look at <link>; a real Cyberrr! (#ditchcyber) criminal was caught! How incredibly clever he was! Being traceable by his ‘own’ IP address and own bank account. So certain of his own greatness that he didn’t even seem to have worn a hoodie — you know, the device that keeps all ‘hackers’ [Dammit! Learn the difference between hacking and cracking!!! or remain a stool forever] completely anonymous. And in Russia. Or did I say R I meant China, when it’s about nation-state retaliation (sic!).

Where in Lucky Luke and Billy the Kid was it that the quote passes “Yes yes be silent dear little boy we do know you’re a really grow-up thug.” ..?
Time to hold this to the Police …?

Oh, and:

[Surely, no-one would dare to attack here? Surely, this is just a decoy and nothing of value would be inside ..? — Well, the value’s not only in the hotel facilities but much more in the wine cellars … next door; Castello Gabbiano]

Hacking not allowed

… at least, if you’re from an official agency that would have to stick to basic rules of common decency.
Despite the push for the police to be allowed to exploit backdoors (and not report/repair them), the thing seems to not sit well with supreme legislation… (link in Dutch; with PDF and/or give Alphabet’s translator a try) — apart from making us all including themselves, much unsafer…

We’ll see. And:

[The humane workplace — non doctored pic; Zuid-As Amsterdam]

Four horsemen, with a badge

Now that ‘our failproof heroes of integrity’ (one of those five words is correct) have gained the right to hack and exploit each and every users’ device in their battle (huh) against the four horsemen, each, all and every proof of misconduct of however grave or minor import that anyone would conduct using any such ‘cyber’ device would not hold in court because no-one can prove it was the general user / suspect (sic) that put the data onto there or used it and the police would be implicated as well but cannot prove satisfactory it wasn’t them.

Obliterating any chance of ever proving actual foul horsemen…

But hey, they seem to have wanted that. For a reason? E.g., the above suspects were in majority already among the pursuers ..?

Why would I care… and:

[Your ‘straight’ thinking…; Zuid-As Amsterdam]

Cyberprevention

Just a signal, of a new movement. Which isn’t.

For one, the -prevention — doomed from the [ word Go | – part ]. Which becomes less and less valid. Yes, some deterrent actions may help, but one better focus on the fact of future break-ins… And act accordingly — much more efficient for almost all. Take the 1st graph of this, and weep / go / the rest of it, too.
For two, ‘cyber’ … #ditchcyber nails it, in the Manifesto.

Yes that’ll be all for today, including:

[So, you can #ditchcyber, too]

Oops, there it is! (now you don’t, see it)

Suddenly, there it is, almost as if it’s something new … Malware using stego, as if it might still surprise anyone whereas of course there already was this, and this, and this and this.

What next? Even smarter ad blockers ..? Will not work, as the latter are only in use with the smarter part of the bunch. And smarter ad blockers will be installed by even fewer, as the pay-off is less visible (timely enough).

No, what’s next is first an armageddon [Warning: cultural notion; propose to use the more profound Ragnarök] — of which the result hopefully … is that ads will be marginalised. A great many a socmed platform (looking at you, $FB and other (sic) unicorns) may (signifying possibility and hope) go asunder as ads are their value period

Then, hopefully, Yggdrasil will grow again. E.g., with truly egalitarian platforms; truly global (though that aspect may not have been sunk in the great flood) and free, meaning that also, the trolls can be captured and ring-fenced and not destroy some or many or the platforms / -ideas.

How philosophical one can get in dreams/dreaming, how far off today is the better-than-today’s-should-have-been.

Plus:

[All sorts of meta-info (‘nothing to protect here just move on’/ Í can see you but you can’t see me’ et al); Segovia or what was it]